Mailing List Archive

help - how to check archives and known issue
Dear team
We need help with two things. We are using OpenSSH 7.x on a Windows Server 2019 for SFTP connections from public IPs.
We are facing an issue where every few minutes (10-15), connections from outside stop working and the error is "Connection Refused".
We didn't find anything in the logs, and the logs don't record any entry for this. To resolve the issue for now we have enabled a task in Windows to restart the OpenSSH service every 10 minutes, and now it's working.

Any suggestion, how we can troubleshoot?

Regards
Deepak Garg

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Re: help - how to check archives and known issue
On 05.09.21 05:00, Deepak Garg wrote:
> Need two help, we are using OpenSSH 7.x on a Windows Server 2019 for SFTP
> connection from public IPs.
> We are facing an issue that every few minutes (10-15), connection from
> outside stop working and error is "Connection Refused".
> We didn't find anything in the logs and logs don't make any entry for such,
> to resolve the issue for now we have enabled a task in Windows to restart
> the OpenSSH service every 10 minutes and now it's working.
>
> Any suggestion, how we can troubleshoot?

I'm not familiar with the Win part (in particular, how it affects the
possibilities to make the log more verbose for debugging), but on the
sshd_config side, you might want to experiment with:
-- lowering LoginGraceTime and MaxAuthTries (to clean out failing login
attempts, read, script kiddies, faster)
-- varying MaxSessions (less for "bad guys", more for legit users, maybe
using a Match statement to tell the two apart)
-- raising MaxStartups (temporarily, just to see if unauthenticated
connections *are* the root cause and it takes longer until failure)
-- if your legit users use keypair auth, try disabling password auth
altogether

Getting current *counts* of unauthenticated vs. proven-legit connections
would be quite valuable, I think ...

Regards,
--
Jochen Bern
Systemingenieur

Binect GmbH
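
Added example, not part of either message above: one way to get the counts of unauthenticated vs. authenticated connections that the reply asks for, by replaying sshd log lines and tracking each client by address and port. It assumes `LogLevel VERBOSE` so that "Connection from" lines are logged; the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the wording sshd uses at LogLevel VERBOSE.
# Addresses are documentation ranges; any prefix before the message is ignored.
SAMPLE_LOG = """\
Connection from 203.0.113.10 port 50001 on 192.0.2.5 port 22
Connection from 203.0.113.11 port 50002 on 192.0.2.5 port 22
Connection from 198.51.100.7 port 41000 on 192.0.2.5 port 22
Accepted publickey for sftpuser from 198.51.100.7 port 41000 ssh2: ED25519 SHA256:(constructed)
Failed password for invalid user admin from 203.0.113.10 port 50001 ssh2
Connection from 203.0.113.12 port 50003 on 192.0.2.5 port 22
Connection closed by invalid user admin 203.0.113.10 port 50001 [preauth]
Connection from 203.0.113.13 port 50004 on 192.0.2.5 port 22
"""

# The first "addr port N" on a line is the client side of the connection.
PEER = re.compile(r"(\S+) port (\d+)")
# Messages that end a connection, before or after authentication.
CLOSERS = ("Connection closed by", "Disconnected from", "Connection reset by",
           "Timeout before authentication for")


def replay(lines, max_startups=10):
    """Replay sshd log lines and count live pre-auth vs. authenticated peers.

    max_startups defaults to the first field of sshd's default
    MaxStartups (10:30:100), the point where sshd starts dropping
    new unauthenticated connections.
    """
    state = {}  # (addr, port) -> "preauth" | "authed"
    peak = 0
    for line in lines:
        m = PEER.search(line)
        if not m:
            continue
        peer = (m.group(1), int(m.group(2)))
        if "Connection from " in line:
            state[peer] = "preauth"
        elif "Accepted " in line and peer in state:
            state[peer] = "authed"
        elif any(c in line for c in CLOSERS):
            state.pop(peer, None)
        peak = max(peak, sum(1 for s in state.values() if s == "preauth"))
    counts = Counter(state.values())
    return {"preauth": counts["preauth"], "authed": counts["authed"],
            "peak_preauth": peak, "reached_max_startups": peak >= max_startups}


if __name__ == "__main__":
    print(replay(SAMPLE_LOG.splitlines(), max_startups=3))
```

A pre-auth peak that sits at the MaxStartups value shortly before each outage supports the theory that unauthenticated connections are the cause; a low peak points elsewhere.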